I am really confused by one part of your blog post: it says that you had to embed lwIP as applications don't send/receive IP packets... but you also describe this as x86 virtualization running specifically Linux, and Linux absolutely has its own TCP stack, so I don't understand what lwIP is actually accomplishing here... I would have thought you'd essentially be implemented as a paravirtualized network adapter, but then the article mentions system calls? I guess I just fundamentally don't understand at what level of the stack you have this implemented... did you replace the Linux kernel and reimplement its entire system call layer?
CheerpX currently focuses on user mode (ring 3), and does not fully emulate the kernel (ring 0). We do, however, implement a subset of the Linux system call interface, which is enough to run most applications.
Could be cool to see an implementation using Chrome's experimental Direct Sockets API [0]. The API requires using a form of new web packaging known as Isolated Web Apps which have a strict CSP [1] though, so it might not be possible to use it for this since I'd assume it's dynamically executing a lot of code.
Can we use custom derp/headscale setups? Would be interesting even for use internally then; hell, rolling custom versions with preloaded software could also be pretty cool, all connected to a corporate headscale/derp.